Protecting yourself online

Recently web security has been a hot topic, and for good reason.  Edward Snowden leaked documents showing that the NSA was responsible for mass surveillance of foreign entities, and chances are that means you.  Other malicious parties also troll the web looking for vulnerabilities, in websites and trying to steal sensitive data. Although you may not control the websites which you use, you do control what you put on those websites.

Choosing a password

One of the best things you can do to protect yourself online is choosing a strong password.  “password” is the number one used password on the internet[1], and this also makes it one of the easiest to crack. Passwords that contain only alpha characters, or don’t use CaPiTilization, are easy to crack.  Also using a common dictionary work isn’t advised.  Many people make the mistake of using a password such as “p@$$w0rd”. By replacing some of the letters with symbols they believe wrongly that this makes it stronger.  Such password software such as hashcat which is freely available software, allows substitution rules that make cracking these passwords about as easy as the plain text counterparts.

The best way to protect yourself from such hacks is to use a strong and UNIQUE password for each site you visit.  I can’t stress how important the unique part is.  If a site you use gets cracked, and you reuse the passwords, attackers will instantly have access to all the other sites that you used that same password on.  By choosing a different password you shield the attack from compromising more of your accounts.

The second thing to consider is password strength, a password such as 6B3a+&{E`J is much stronger then horses for example.  You can generate strong passwords like that using a password generator or the easier way is to use a password manager such as  Last Pass which will generate a strong password and offer to store them securely so that you don’t have to remember them or write them down (I strongly recommend you NEVER write a password down).

Multi-factor Authentication

Multifactor authentication takes something you know, such as a password  and something you have, such as a mobile phone. Websites that use multifactor authentication ask you for your password and usually send a code to your phone or ask for a code from an authentication app.

Multifactor authentication slows attackers down substantially, forcing them to guess an ever changing code before they can get into your account, and often preventing damage before it can happen.  While you may believe you don’t require layers of protection, or think you have anything that important, consider an editor from the popular tech blog Wired who had a terrible experience that could have been mitigated with multifactor authentication.

Limit your online profile

When I was young, putting your information online was taboo.  You didn’t use your real name, or address online, and most people used avatars that weren’t their real picture.  Now having loads of personal information online isn’t uncommon and most people don’t think twice.  The big problem with this, once you put something online you know longer own or control it.  A picture for example, put on Facebook could be indexed by a search engine, and kept in their cache for years.  Worse other people can save the photo or post it on their own websites.

Your online information may be used for nuisance purposes, such as for marketing, or spam.  It can be used against you, like when going for a job interview.  It can also be used for more dangerous purposes, such as a stalker trying to find out about you.  The problem is that even with the controls that many sites offer, information put online is still on the open internet.

While you can’t take the stuff down you already put up, you can stop putting more information online, limit what websites you use, and remove what you can from these sites.

Leave a Reply

Your email address will not be published. Required fields are marked *